feat(3p/nix): add --trace-file-access to nix-instantiate

This builds on edef's work with depot-scan by adding a dedicated flag to the command. We piggyback on upstream's restricted-mode implementation, the checkSourcePath function. Change-Id: I52bb613549f40dbca1e8caa036635910c1a3d6d0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1654 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-04 19:12:49 -07:00 · 2020-08-04 19:12:49 -07:00 · 68b5306c56
commit 68b5306c56
parent 6a128fc162
4 changed files with 49 additions and 0 deletions
--- a/third_party/nix/doc/manual/command-ref/nix-instantiate.xml
+++ b/third_party/nix/doc/manual/command-ref/nix-instantiate.xml
@ -39,6 +39,7 @@
    </arg>
    <arg><option>--add-root</option> <replaceable>path</replaceable></arg>
    <arg><option>--indirect</option></arg>
+    <arg><option>--<arg>no</arg>trace-file-access</option></arg>
    <group>
      <arg choice='plain'><option>--expr</option></arg>
      <arg choice='plain'><option>-E</option></arg>
@ -131,6 +132,13 @@ input.</para>

  </varlistentry>

+  <varlistentry><term><option>--<arg>no</arg>trace-file-access</option></term>
+    <listitem><para>While instantiating the expression, the evaluator will
+    print the full path to any files it reads with the prefix
+    <envar>trace-file-access: </envar> to the standard error.</para>
+    </listitem>
+  </varlistentry>
+
  <varlistentry><term><option>--json</option></term>

    <listitem><para>When used with <option>--eval</option>, print the resulting
@ -253,6 +261,10 @@ $ nix-instantiate --eval --xml --strict -E 'rec { x = "foo"; y = x; }'

 </refsection>

+<refsection><title>Conformance</title>
+  <para>The <option>--trace-file-access</option> option is a nonstandard
+  extension added by Tvix in 2020.</para>
+</refsection>

 <refsection condition="manpage"><title>Environment variables</title>